Security

Reply
Frequent Contributor I

CPPM, DNS, Certificates and Master/Backup

I'm hoping someone can enlighten me here!!

 

We have two controllers (6.1) acting as Master/Backup, both have IP presence in the management subnet (loopback and SVI) and guest subnet (SVI). VRRP is currently only configured in the management subnet using the SVI addresses.

 

There is also a single CPPM (6.2) which also has IP presence in both the management and guest subnets.

 

Firstly, does anyone know which interface the CPPM uses as it's source and for which protocols etc...?

 

Secondly, what is the preferred way of configuring DNS and Certificates? My assumption on this point is that;

1) Setup VRRP on the guest subnet and configure DNS to resolve to this address (for NAS login from the CPPM).

2) Create a CSR using OpenSSL which uses the above DNS as it's Common Name but include SAN addresses for their individual hostnames. Get this signed and imported into both controllers.

 

The CPPM appliance will then be configured as normal with it's own publicly signed certificate (for iOS onboarding) and a matching DNS entry created for the address on the guest subnet.

 

Any guidance would be appreciated.

Any amount of Kudos will be greatly appreciated!!!

Re: CPPM, DNS, Certificates and Master/Backup

See this AWESOME post :)

 

http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/Certificate-Issues-Questions/m-p/94444

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: